[go: up one dir, main page]
More Web Proxy on the site http://driver.im/

CN108989331B - Use authentication method of data storage device, device and storage medium thereof - Google Patents

Use authentication method of data storage device, device and storage medium thereof Download PDF

Info

Publication number
CN108989331B
CN108989331B CN201810901051.XA CN201810901051A CN108989331B CN 108989331 B CN108989331 B CN 108989331B CN 201810901051 A CN201810901051 A CN 201810901051A CN 108989331 B CN108989331 B CN 108989331B
Authority
CN
China
Prior art keywords
user
mobile terminal
data storage
storage device
terminal
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201810901051.XA
Other languages
Chinese (zh)
Other versions
CN108989331A (en
Inventor
顾宏超
吴同鑫
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Gu Hongchao
Original Assignee
Individual
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Individual filed Critical Individual
Priority to CN201810901051.XA priority Critical patent/CN108989331B/en
Publication of CN108989331A publication Critical patent/CN108989331A/en
Application granted granted Critical
Publication of CN108989331B publication Critical patent/CN108989331B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0861Network architectures or network communication protocols for network security for authentication of entities using biometrical features, e.g. fingerprint, retina-scan
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/04Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0869Network architectures or network communication protocols for network security for authentication of entities for achieving mutual authentication
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0876Network architectures or network communication protocols for network security for authentication of entities based on the identity of the terminal or configuration, e.g. MAC address, hardware or software configuration or device fingerprint
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/02Protecting privacy or anonymity, e.g. protecting personally identifiable information [PII]
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/06Authentication

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Power Engineering (AREA)
  • Health & Medical Sciences (AREA)
  • Biomedical Technology (AREA)
  • General Health & Medical Sciences (AREA)
  • Telephonic Communication Services (AREA)
  • Mobile Radio Communication Systems (AREA)

Abstract

The invention relates to the communication field, and discloses a use authentication method of a data storage device, which comprises the following steps: acquiring a first biometric characteristic of a user acquired at a data storage device; sending the first biological identification feature to the mobile terminal; if the first terminal ID of the mobile terminal and the first user ID of the user of the mobile terminal sent by the mobile terminal are received, sending a first device ID, a first terminal ID and a first user ID for identifying the data storage device to a server; and if the authorization information of the server matching successfully is received from the server, sending data corresponding to the first user ID stored in the data storage device to the mobile terminal. The invention can ensure that the user requesting to acquire the data at the physical position is the user, thereby effectively avoiding the condition that the user identity or the related data after the mobile terminal is stolen and improving the safety of data acquisition.

Description

Use authentication method of data storage device, device and storage medium thereof
Technical Field
The present invention relates to the field of communications, and in particular, to a method for authenticating use of a data storage device, and a device and a storage medium thereof.
Background
In the conventional data transmission process, there is a risk that transmission of unencrypted data is intercepted halfway, while encrypted data and a key that are sent separately are intercepted separately according to sender inquiry. To solve this problem, different transmitting devices may be provided to transmit the secret data and the secret key separately, and at the same time, to authenticate whether or not the terminal receiving the data is authorized to obtain the data. Most of the existing authentication methods rely on the mobile internet to perform one-way authentication, and have the problem that address information is easy to forge, for example, an attacker can remotely operate the mobile terminal to authorize the terminal needing authentication when the mobile terminal is stolen, broken, or copied.
Due to the characteristics of the internet, such sending of information in a different place is almost imperceptible, and thus it cannot be determined whether the mobile terminal is in the vicinity of a terminal (i.e., an execution device) that needs to be authorized, and further, whether an authorized user initiates an authentication application is determined.
I.e. it has been proven that it can be forged/hacked at present only by checking the identity information (cell phone SN, cell phone number, use authentication function built in the mobile terminal OS, e.g. lock screen password) of the authentication or certification initiator. In such cases where higher security is required, these conventional authentication methods and authentication methods cannot be relied upon.
However, authentication is performed directly by means of a user unique identification code such as biometric features, and the like, which causes a problem that user information must be stored in a concentrated manner. When the related services are oriented to the mass market, a large amount of user information, especially user information which cannot be changed such as biometric features, is stored in a centralized manner, and once the user information is revealed, a great loss is caused to the client. That is, any service that centrally stores user information is high risk. Collecting and transmitting individual biometric characteristic information is a sensitive activity that is highly related to security and law in China and all over the world.
Disclosure of Invention
The invention aims to provide a use authentication method of data storage equipment, equipment and a storage medium thereof, which can ensure that a user who requests to authorize and receive encrypted data and a secret key at a physical position is the user, thereby effectively avoiding the condition that the user identity or related data after a mobile terminal is stolen and improving the security of data acquisition.
In order to solve the above technical problem, an embodiment of the present invention discloses a method for authenticating use of a data storage device, including:
acquiring a first biometric characteristic of a user acquired at a data storage device;
sending a first biometric feature to a mobile terminal for the mobile terminal to match the received first biometric feature with a second biometric feature of a user stored in the mobile terminal;
if the first terminal ID of the mobile terminal and the first user ID of the user of the mobile terminal sent by the mobile terminal are received, sending a first device ID, a first terminal ID and a first user ID for identifying the data storage device to a server, so that the server matches the received first device ID, first terminal ID and first user ID with a second device ID, a second terminal ID and a second user ID received by the server from the mobile terminal respectively;
and if the authorization information of the server matching successfully is received from the server, sending data corresponding to the first user ID stored in the data storage device to the mobile terminal.
In an example, the data corresponding to the first user ID transmitted to the mobile terminal is encrypted data, and
and after receiving the encrypted data, the mobile terminal decrypts the encrypted data according to the key corresponding to the first user ID or the second user ID, which is received from the server and sent after the server is successfully matched.
In an example, after the method sends the first biometric characteristic to the mobile terminal, the method further includes:
deleting the acquired first biometric characteristic.
In one example, if the device that acquired and obtained the biometric feature is not the same device, the acquisition device that acquired the biometric feature may also delete the acquired biometric feature after transmitting the acquired biometric feature.
In one example, the method satisfies at least one of the following conditions:
the device for acquiring the first biometric characteristic is arranged or integrated on a data storage device;
the data storage device is an electronic message board;
the first biometric characteristic and the second biometric characteristic are fingerprints.
The embodiment of the invention also discloses a use authentication method of the data storage equipment, which comprises the following steps:
the mobile terminal receives a first biological identification characteristic of a user, which is collected at a data storage device;
the mobile terminal matches the received first biometric characteristic with a second biometric characteristic of the user stored in the mobile terminal;
if the matching is successful, the mobile terminal sends a first terminal ID of the mobile terminal and a first user ID of a user of the mobile terminal to the detection device sending the first biometric characteristic, and
sending a second device ID, a second terminal ID and a second user ID of the identification data storage device of the receiving self-detection device to the server, so that the server: and matching the received second equipment ID, the second terminal ID and the second user ID with the first equipment ID, the first terminal ID and the first user ID received by the server from the detection equipment respectively.
In an example, the method further comprises:
the mobile terminal receives data corresponding to the first user ID stored in the data storage device from the data storage device;
the server sends authorization information successfully matched with the server to the data storage device after successfully matching the second equipment ID, the second terminal ID and the second user ID with the first equipment ID, the first terminal ID and the first user ID respectively, and the data storage device sends data to the mobile terminal after receiving the authorization information.
In the above example, the data received by the mobile terminal from the data storage device is encrypted data, and the method further comprises:
the mobile terminal receives a key corresponding to the first user ID or the second user ID from the server, and decrypts the encrypted data based on the key.
In another example, the method further comprises:
the decrypted data is displayed on a screen of the mobile terminal.
The embodiment of the invention also discloses a use authentication method of the data storage equipment, which comprises the following steps:
the server receives a second device ID, a second terminal ID and a second user ID from the mobile terminal, and receives a first device ID, a first terminal ID and a first user ID from the detection device;
the server respectively matches the received first equipment ID, the first terminal ID and the first user ID with the second equipment ID, the second terminal ID and the second user ID;
after the server is successfully matched, the server sends authorization information to the data storage device, so that the data storage device sends data corresponding to the first user ID to the mobile terminal according to the received authorization information;
wherein the mobile terminal transmits the second device ID, the second terminal ID, and the second user ID to the server and transmits the first terminal ID and the first user ID to the detection device when the first biometric characteristic matches a second biometric characteristic of the user stored in the mobile terminal, and
the first biometric characteristic is collected at the data storage device and sent to the mobile terminal by the detection device, and the first device ID is sent to the mobile terminal by the detection device.
In an example, the data sent by the data storage device to the mobile terminal is encrypted data, and the method further comprises:
and after the server is successfully matched, sending a key corresponding to the first user ID or the second user ID to the mobile terminal so that the mobile terminal can decrypt the encrypted data based on the received key.
The embodiment of the invention also discloses a use authentication device of the data storage equipment, which comprises:
an acquisition unit for acquiring a first biometric characteristic of a user acquired at a data storage device;
the mobile terminal comprises a first sending unit, a second sending unit and a third sending unit, wherein the first sending unit is used for sending a first biological identification characteristic to the mobile terminal so that the mobile terminal can match the received first biological identification characteristic with a second biological identification characteristic of a user stored in the mobile terminal;
a second sending unit, configured to send, to the server, the first device ID, the first terminal ID, and the first user ID that identify the data storage device when receiving the first terminal ID of the mobile terminal and the first user ID of the user of the mobile terminal sent by the mobile terminal, so that the server matches the received first device ID, first terminal ID, and first user ID with the second device ID, second terminal ID, and second user ID received by the server from the mobile terminal, respectively;
the third sending unit is used for sending the data which is stored in the data storage device and corresponds to the first user ID to the mobile terminal after the authorization information which is successfully matched with the server is received from the server;
and the deleting unit is used for deleting the acquired first biological identification characteristic.
The embodiment of the invention also discloses a mobile terminal, which comprises:
a first receiving unit, configured to receive a first biometric characteristic of a user collected at a data storage device;
a first matching unit for matching the received first biometric characteristic with a second biometric characteristic of the user stored in the mobile terminal;
a fourth transmitting unit for transmitting the first terminal ID of the mobile terminal and the first user ID of the user of the mobile terminal to the detecting device transmitting the first biometric feature after the first matching unit is successfully matched, and
sending a second device ID, a second terminal ID and a second user ID of the identification data storage device of the receiving self-detection device to the server, so that the server: respectively matching the received second equipment ID, the second terminal ID and the second user ID with the first equipment ID, the first terminal ID and the first user ID received by the server from the detection equipment, and sending authorization information matched successfully to the equipment after matching successfully;
a second receiving unit for receiving data corresponding to the first user ID stored in the data storage device from the data storage device.
The embodiment of the invention also discloses a server, which comprises:
a third receiving unit configured to receive the second device ID, the second terminal ID, and the second user ID from the mobile terminal, and receive the first device ID, the first terminal ID, and the first user ID from the detection device;
a second matching unit, configured to match the received first device ID, the first terminal ID, and the first user ID with the second device ID, the second terminal ID, and the second user ID, respectively;
a fifth sending unit, configured to send authorization information to the data storage device, so that the data storage device sends data corresponding to the first user ID to the mobile terminal according to the received authorization information;
wherein the mobile terminal transmits the second device ID, the second terminal ID, and the second user ID to the server and transmits the first terminal ID and the first user ID to the detection device when the first biometric characteristic matches a second biometric characteristic of the user stored in the mobile terminal, and
the first biometric characteristic is collected at the data storage device and sent to the mobile terminal by the detection device, and the first device ID is sent to the mobile terminal by the detection device.
The embodiment of the invention also discloses a device which comprises a memory and a processor, wherein the memory stores computer executable instructions, and the processor is configured to execute the instructions to implement the use authentication method of the data storage device disclosed by the embodiment.
The embodiment of the invention also discloses a nonvolatile computer storage medium coded by the computer program, wherein the computer program comprises instructions which can cause more than one computer to execute the use authentication method of the data storage device disclosed by the embodiment when the instructions are executed by more than one computer.
Compared with the prior art, the implementation mode of the invention has the main differences and the effects that:
the bidirectional authentication based on the biological identification characteristics of the user can ensure that the user requesting to acquire the data at the physical position is the user, thereby effectively avoiding the condition that the user identity or the related data after the mobile terminal is stolen and improving the safety of data acquisition.
Furthermore, the encrypted data are stored locally, and the secret key is stored in the cloud, so that the encrypted data do not need to be transmitted through the network, the risk of intercepting the encrypted data is reduced, meanwhile, the data can not be reversely deduced after the secret key runs off, and the safety of data acquisition is further improved.
Furthermore, the biometric features of the user are not stored, and the biometric features do not need to be sent remotely, so that the biometric features of the user are prevented from being leaked while the authorization security is ensured.
Drawings
FIG. 1 is a schematic flow chart of a method for authenticating use of a data storage device according to a first embodiment of the present invention;
FIG. 2 is a schematic flow chart of a method for authenticating use of a data storage device according to a second embodiment of the present invention;
FIG. 3 is a schematic flow chart of a method for authenticating use of a data storage device according to a third embodiment of the present invention;
FIG. 4 is a schematic flow chart illustrating a method for authenticating a data storage device using a fourth embodiment of the present invention;
FIG. 5 is a schematic diagram of a configuration of a use authentication apparatus of a data storage device according to a fifth embodiment of the present invention;
fig. 6 is a schematic configuration diagram of a mobile terminal according to a sixth embodiment of the present invention;
fig. 7 is a schematic configuration diagram of a server according to a seventh embodiment of the present invention.
Detailed Description
In the following description, numerous technical details are set forth in order to provide a better understanding of the present application. However, it will be understood by those skilled in the art that the technical solutions claimed in the present application can be implemented without these technical details and with various changes and modifications based on the following embodiments.
In order to make the objects, technical solutions and advantages of the present invention more apparent, embodiments of the present invention will be described in detail with reference to the accompanying drawings.
It is understood that, in the present invention, the biometric feature refers to a biometric feature capable of uniquely identifying a user, such as a fingerprint, iris, facial feature, voice, etc.
Further, it is understood that in the present invention, the mobile terminal includes, but is not limited to, a smart phone, a tablet computer, and the like. The server may be a remote server or a cloud server. The device ID refers to information capable of uniquely identifying the data storage device, such as an identification code or an identification number set for the data storage device, or an IP address, a MAC address, or the like of the data storage device. The terminal ID of the mobile terminal also refers to information capable of uniquely identifying the mobile terminal, such as a MAC address or an identifier specifically set for the terminal. The user ID refers to identification information that can uniquely indicate the user identity, such as a machine code (SN code) of the user's mobile phone, a mobile phone number, a user name, and the like. It should be noted that the IDs with different transmission sources are differentiated by adding the first or the second ID, for example, the first terminal ID and the second terminal ID are both IDs for identifying the mobile terminal, and only the directly transmitted devices are different, so they are differentiated.
Furthermore, it is understood that the data storage device referred to in the present invention may be a common storage device that can be accessed by multiple user authentication, for example, an electronic message board, a mobile storage medium with a battery, and the like.
The first embodiment of the invention relates to a use authentication method of a data storage device. FIG. 1 is a flow diagram illustrating a method of authenticating use of the data storage device.
Specifically, as shown in fig. 1, the method for authenticating the use of the data storage device includes the following steps:
in step 101, a first biometric characteristic of a user collected at a data storage device is acquired.
Thereafter, step 102 is entered.
In step 102, a first biometric characteristic is transmitted to the mobile terminal for the mobile terminal to match the received first biometric characteristic with a second biometric characteristic of the user stored in the mobile terminal.
Thereafter, step 103 is entered.
In step 103, it is determined whether the first terminal ID of the mobile terminal and the first user ID of the user of the mobile terminal sent by the mobile terminal are received within a first predetermined time. That is, the mobile terminal sends the first terminal ID of the mobile terminal and the first user ID of the user of the mobile terminal after successfully matching the first biometric characteristic with the second biometric characteristic stored in the mobile terminal.
If the judgment result is yes, the step 104 is entered; otherwise, the flow is ended.
In step 104, a first device ID, a first terminal ID and a first user ID identifying the data storage device are sent to the server, so that the server matches the received first device ID, first terminal ID and first user ID with a second device ID, a second terminal ID and a second user ID received by the server from the mobile terminal, respectively. Wherein the first device ID is a device ID identifying the data storage device and the second device ID is a device ID identifying the data storage device sent to the mobile terminal at or after the first biometric characteristic is sent to the mobile terminal.
Thereafter, step 105 is entered.
In step 105, it is determined whether the authorization information sent by the server and successfully matched is received within a second predetermined time.
If the judgment result is yes, the step 106 is entered; otherwise, the flow is ended.
In step 106, data corresponding to the first user ID stored in the data storage device is transmitted to the mobile terminal.
Thereafter, the present flow ends.
Preferably, in step 106, in order to further enhance the security of data acquisition, the data transmitted to the mobile terminal is encrypted data, and the key corresponding to the encrypted data is stored in the server, after the server successfully matches the first device ID, the first terminal ID and the first user ID with the second device ID, the second terminal ID and the second user ID, respectively, the key corresponding to the first user ID or the second user ID is transmitted to the mobile terminal, the mobile terminal decrypts the encrypted data received from the data storage device according to the received key, and preferably, the decrypted data is displayed on the screen of the mobile terminal. Therefore, the encrypted data are stored locally, the secret key is stored in the cloud, the encrypted data do not need to be transmitted through the network, the risk that the encrypted data are intercepted is reduced, meanwhile, the data can not be reversely deduced after the secret key runs off, and the safety of data acquisition is further improved.
To prevent the leakage of the biometric features of the user, in an exemplary embodiment, after the step 102, the method further includes:
deleting the acquired first biometric characteristic. If the devices for acquiring and acquiring the biometric features are not the same device, the acquisition device for acquiring the biometric features deletes the acquired biometric features after transmitting the acquired biometric features. Therefore, the biometric identification features of the user are not stored, the biometric identification features do not need to be sent remotely, and the biometric identification features of the user are prevented from being leaked while the authorization security is ensured.
In an example, the device for acquiring the first biometric characteristic is arranged or integrated on a data storage device. For example, the acquisition device of the first biometric characteristic is mounted or arranged on an information acquisition button of the electronic message board.
In another example of the present invention, the biometric feature collecting device may be an external device, and the collected biometric feature information may be transmitted to the data storage device through a wireless or wired connection.
In an example, the first biometric characteristic and the second biometric characteristic are fingerprints.
The bidirectional authentication based on the biological identification characteristics of the user can ensure that the user requesting to acquire the data at the physical position is the user, thereby effectively avoiding the condition that the user identity or the related data after the mobile terminal is stolen and improving the safety of data acquisition.
A second embodiment of the invention relates to a method for authenticating the use of a data storage device. FIG. 2 is a flow diagram illustrating a method of authenticating use of the data storage device.
Specifically, as shown in fig. 2, the method for authenticating the use of the data storage device includes the following steps:
in step 201, the mobile terminal receives a first biometric characteristic of a user collected at a data storage device. Thereafter, step 202 is entered.
In step 202, the mobile terminal matches the received first biometric characteristic with a second biometric characteristic of the user stored in the mobile terminal.
If the matching is successful, step 203 is entered; otherwise, the flow is ended.
In step 203, the mobile terminal sends a first terminal ID of the mobile terminal and a first user ID of a user of the mobile terminal to the detection device sending the first biometric characteristic, and
sending a second device ID, a second terminal ID and a second user ID of the identification data storage device of the receiving self-detection device to the server, so that the server: and matching the received second equipment ID, the second terminal ID and the second user ID with the first equipment ID, the first terminal ID and the first user ID received by the server from the detection equipment respectively.
It can be understood that, after matching the second device ID, the second terminal ID, and the second user ID with the first device ID, the first terminal ID, and the first user ID, if the matching is successful, the server will send authorization information to the data storage device, and after receiving the authorization information, the data storage device will send the data corresponding to the first user ID stored in the data storage device to the mobile terminal. Preferably, in order to further improve the security of data transmission, the data stored in the data storage device may be encrypted and the key corresponding to the encrypted data may be stored in the server, so that the server transmits the key corresponding to the first user ID and the second user ID to the mobile terminal after the matching is successful, the mobile terminal decrypts the encrypted data received from the data storage device using the key after receiving the key, and the decrypted data may be displayed on the screen of the mobile terminal.
Thereafter, the present flow ends.
In an exemplary embodiment, the detection device is included in a data storage device.
In another example, the first biometric characteristic and the second biometric characteristic are fingerprints.
It will be appreciated that in embodiments of the invention, the detection device may be located or integrated on the data storage device as part of the data storage device. For example, integrated with the biometric acquisition device. Or an external device, which communicates with the data storage device through a wired connection or a wireless communication technology.
The bidirectional authentication based on the biological identification characteristics of the user can ensure that the user requesting to acquire the data at the physical position is the user, thereby effectively avoiding the condition that the user identity or the related data after the mobile terminal is stolen and improving the safety of data acquisition.
The third embodiment of the invention relates to a use authentication method of a data storage device. FIG. 3 is a flow diagram illustrating a method of authenticating use of the data storage device.
Specifically, as shown in fig. 3, the method for authenticating the use of the data storage device includes the following steps:
in step 301, the server receives a second device ID, a second terminal ID, and a second user ID from the mobile terminal, and receives a first device ID, a first terminal ID, and a first user ID from the detection device.
Thereafter, step 302 is entered.
In step 302, the server matches the received first device ID, first terminal ID, and first user ID with the second device ID, second terminal ID, and second user ID, respectively.
If the matching is successful, go to step 303; otherwise, the flow is ended.
In step 303, the server sends authorization information to the data storage device, so that the data storage device sends data corresponding to the first user ID to the mobile terminal according to the received authorization information.
It will be appreciated that the mobile terminal sends the second device ID, the second terminal ID and the second user ID to the server and sends the first terminal ID and the first user ID to the detection device when the first biometric characteristic matches a second biometric characteristic of the user stored in the mobile terminal, and the first biometric characteristic is collected at the data storage device and sent by the detection device to the mobile terminal, the first device ID being sent by the detection device to the mobile terminal.
Thereafter, the present flow ends.
Preferably, in order to further improve the security of data transmission, the data stored in the data storage device may be encrypted, and the key corresponding to the encrypted data may be stored in the server, so that the server transmits the key corresponding to the first user ID and the second user ID to the mobile terminal after the matching is successful, and the mobile terminal decrypts the encrypted data received from the data storage device by using the key after receiving the key.
The bidirectional authentication based on the biological identification characteristics of the user can ensure that the user requesting to acquire the data at the physical position is the user, thereby effectively avoiding the condition that the user identity or the related data after the mobile terminal is stolen and improving the safety of data acquisition.
The fourth embodiment of the invention relates to a use authentication method of a data storage device. FIG. 4 is a flow diagram illustrating a method of authenticating use of the data storage device.
Specifically, as shown in fig. 4, the method for authenticating the use of the data storage device includes the following steps:
in step 401, the detection device obtains and sends to the mobile terminal a first biometric characteristic of the user collected at the data storage device and a second device ID identifying the data storage device.
Thereafter, step 402 is entered.
In step 402, the mobile terminal matches the received first biometric characteristic with a second biometric characteristic of the user stored in the mobile terminal.
If so, go to step 403; otherwise, the flow is ended.
In step 403, the mobile terminal sends a first terminal ID identifying the mobile terminal and a first user ID identifying a user of the mobile terminal to the detection device, and sends a second device ID, a second terminal ID identifying the mobile terminal and a second user ID identifying the user of the mobile terminal to the server.
Thereafter, step 404 is entered.
In step 404, the detection device sends a first device ID identifying the data storage device, and the received first terminal ID and first user ID to the server.
Thereafter, step 405 is entered.
In step 405, the server matches the received first device ID, first terminal ID, and first user ID with the second device ID, second terminal ID, and second user ID, respectively.
If the match is successful, go to step 406; otherwise, the flow is ended.
In step 406, the server sends authorization information to the data storage device and sends a key corresponding to the first user ID or the second user ID to the mobile terminal.
Thereafter, step 407 is entered.
In step 407, the data storage device sends encrypted data corresponding to the first user ID to the mobile terminal according to the authorization information received from the server.
Step 408 is thereafter entered.
In step 408, the mobile terminal decrypts the encrypted data received from the data storage device storage using the received key.
Thereafter, the present flow ends.
The bidirectional authentication based on the biological identification characteristics of the user can ensure that the user requesting to acquire the data at the physical position is the user, thereby effectively avoiding the condition that the user identity or the related data after the mobile terminal is stolen and improving the safety of data acquisition.
A fifth embodiment of the present invention relates to a use authentication apparatus for a data storage device. Fig. 5 is a schematic diagram of the structure of the authentication device.
Specifically, as shown in fig. 5, the use authentication apparatus includes:
an acquisition unit for acquiring a first biometric characteristic of a user acquired at a data storage device;
the mobile terminal comprises a first sending unit, a second sending unit and a third sending unit, wherein the first sending unit is used for sending a first biological identification characteristic to the mobile terminal so that the mobile terminal can match the received first biological identification characteristic with a second biological identification characteristic of a user stored in the mobile terminal;
a second sending unit, configured to send, to the server, the first device ID, the first terminal ID, and the first user ID that identify the data storage device when receiving the first terminal ID of the mobile terminal and the first user ID of the user of the mobile terminal sent by the mobile terminal, so that the server matches the received first device ID, first terminal ID, and first user ID with the second device ID, second terminal ID, and second user ID received by the server from the mobile terminal, respectively;
the third sending unit is used for sending the data which is stored in the data storage device and corresponds to the first user ID to the mobile terminal after the authorization information which is successfully matched with the server is received from the server;
and the deleting unit is used for deleting the acquired first biological identification characteristic.
The first and fourth embodiments are method embodiments corresponding to the present embodiment, and the present embodiment may be implemented in cooperation with the first or fourth embodiment. The related technical details mentioned in the first and fourth embodiments are still valid in this embodiment, and are not described herein again in order to reduce repetition. Accordingly, the related-art details mentioned in the present embodiment can also be applied to the first embodiment or the fourth embodiment.
A sixth embodiment of the present invention discloses a mobile terminal. Fig. 6 is a schematic structural diagram of the mobile terminal.
Specifically, as shown in fig. 6, the mobile terminal includes:
a first receiving unit, configured to receive a first biometric characteristic of a user collected at a data storage device;
a first matching unit for matching the received first biometric characteristic with a second biometric characteristic of the user stored in the mobile terminal;
a fourth transmitting unit for transmitting the first terminal ID of the mobile terminal and the first user ID of the user of the mobile terminal to the detecting device transmitting the first biometric feature after the first matching unit is successfully matched, and
sending a second device ID, a second terminal ID and a second user ID of the identification data storage device of the receiving self-detection device to the server, so that the server: matching the received second equipment ID, the second terminal ID and the second user ID with the first equipment ID, the first terminal ID and the first user ID received by the server from the detection equipment respectively;
a second receiving unit for receiving data corresponding to the first user ID stored in the data storage device from the data storage device.
In an example, the data received by the second receiving unit is encrypted data, and the second receiving unit further receives a key corresponding to the first user ID or the second user ID from the server.
The mobile terminal further includes:
a decryption unit configured to decrypt the encrypted data based on the received key;
a display unit for displaying the decrypted data on a screen of the mobile terminal.
The second and fourth embodiments are method embodiments corresponding to the present embodiment, and the present embodiment may be implemented in cooperation with the second or fourth embodiment. The related technical details mentioned in the second and fourth embodiments are still valid in this embodiment, and are not described herein again in order to reduce repetition. Accordingly, the related-art details mentioned in the present embodiment can also be applied in the second embodiment or the fourth embodiment.
A seventh embodiment of the present invention discloses a server. Fig. 7 is a schematic diagram of the server.
Specifically, as shown in fig. 7, the server includes:
a third receiving unit configured to receive the second device ID, the second terminal ID, and the second user ID from the mobile terminal, and receive the first device ID, the first terminal ID, and the first user ID from the detection device;
a second matching unit, configured to match the received first device ID, the first terminal ID, and the first user ID with the second device ID, the second terminal ID, and the second user ID, respectively;
and the fifth sending unit is used for sending the authorization information to the data storage device so that the data storage device sends the data corresponding to the first user ID to the mobile terminal according to the received authorization information.
It will be appreciated that the mobile terminal sends the second device ID, the second terminal ID and the second user ID to the server and sends the first terminal ID and the first user ID to the detection device when the first biometric characteristic matches the second biometric characteristic of the user stored in the mobile terminal, and the first biometric characteristic is collected at the data storage device and sent by the detection device to the mobile terminal, the first device ID being sent by the detection device to the mobile terminal.
The third and fourth embodiments are method embodiments corresponding to the present embodiment, and the present embodiment may be implemented in cooperation with the third or fourth embodiment. The related technical details mentioned in the third and fourth embodiments are still valid in this embodiment, and are not described herein again in order to reduce repetition. Accordingly, the related-art details mentioned in the present embodiment can also be applied to the third embodiment or the fourth embodiment.
An eighth embodiment of the present invention discloses an apparatus. The device comprises a memory storing computer executable instructions and a processor configured to execute the instructions to implement the method of authenticating use of a data storage device as disclosed in the first to fourth embodiments.
A ninth embodiment of the present invention discloses a non-volatile data storage device storage medium encoded with a computer program, wherein the computer program comprises instructions that, when executed by one or more computers, cause the one or more computers to perform to implement the method of authenticating use of a data storage device disclosed in the first to fourth embodiments.
The method embodiments of the present invention may be implemented in software, hardware, firmware, etc. Whether the present invention is implemented as software, hardware, or firmware, the instruction code may be stored in a memory accessible by any type of data storage device (e.g., permanent or modifiable, volatile or non-volatile, solid or non-solid, fixed or removable media, etc.). Also, the Memory may be, for example, Programmable Array Logic (PAL), Random Access Memory (RAM), Programmable Read Only Memory (PROM), Read-Only Memory (ROM), Electrically Erasable Programmable Read Only Memory (EEPROM), a magnetic disk, an optical disk, a Digital Versatile Disk (DVD), or the like.
It should be noted that, each unit/module mentioned in each device embodiment of the present invention is a logical unit/module, and physically, one logical unit may be one physical unit, or may be a part of one physical unit, or may be implemented by a combination of multiple physical units, and the physical implementation manner of these logical units itself is not the most important, and the combination of the functions implemented by these logical units is the key to solve the technical problem provided by the present invention. Furthermore, the above-mentioned embodiments of the apparatus of the present invention do not introduce elements that are less relevant for solving the technical problems of the present invention in order to highlight the innovative part of the present invention, which does not indicate that there are no other elements in the above-mentioned embodiments of the apparatus.
It is to be noted that in the claims and the description of the present patent, relational terms such as first and second, and the like are used solely to distinguish one entity or action from another entity or action without necessarily requiring or implying any actual such relationship or order between such entities or actions. Also, the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus. Without further limitation, the use of the verb "comprise a" to define an element does not exclude the presence of another, same element in a process, method, article, or apparatus that comprises the element.
While the invention has been shown and described with reference to certain preferred embodiments thereof, it will be understood by those skilled in the art that various changes in form and details may be made therein without departing from the spirit and scope of the invention.

Claims (15)

1. A method for authenticating use of a data storage device, comprising:
obtaining a first biometric characteristic of a user collected at the data storage device;
sending the first biometric characteristic to a mobile terminal for the mobile terminal to match the received first biometric characteristic with a second biometric characteristic of the user stored in the mobile terminal;
if a first terminal ID of the mobile terminal and a first user ID of a user of the mobile terminal which are sent by the mobile terminal are received, sending a first device ID, the first terminal ID and the first user ID which identify the data storage device to a server, so that the server matches the received first device ID, the received first terminal ID and the received first user ID with a second device ID, a second terminal ID and a second user ID which are received by the server from the mobile terminal, and the second device ID is sent to the mobile terminal by the data storage device;
and if the authorization information which is successfully matched with the server is received from the server, sending the data which is stored in the data storage equipment and corresponds to the first user ID to the mobile terminal.
2. The method of claim 1, wherein the data corresponding to the first user ID transmitted to the mobile terminal is encrypted data, and wherein
And after receiving the encrypted data, the mobile terminal decrypts the encrypted data according to the key corresponding to the first user ID or the second user ID, which is received from the server and sent after the server is successfully matched.
3. The method for authenticating use of a data storage device of claim 2, further comprising, after sending the first biometric characteristic to the mobile terminal:
deleting the acquired first biometric characteristic.
4. A method of authenticating use of a data storage device according to any one of claims 1 to 3, wherein at least one of the following conditions is satisfied:
the device for acquiring the first biometric characteristic is housed or integrated on the data storage device;
the data storage device is an electronic message board;
the first and second biometric characteristics are fingerprints.
5. A method for authenticating use of a data storage device, comprising:
the mobile terminal receives a first biological identification characteristic of the user collected at the data storage device;
the mobile terminal matches the received first biological identification characteristic with a second biological identification characteristic of the user stored in the mobile terminal;
if the matching is successful, the mobile terminal sends the first terminal ID of the mobile terminal and the first user ID of the user of the mobile terminal to the detection device which sends the first biological identification feature, and
sending a second device ID, a second terminal ID, and a second user ID identifying the data storage device received from the detection device to a server for the server to: and matching the received second equipment ID, second terminal ID and second user ID with the first equipment ID, first terminal ID and first user ID received by the server from the detection equipment respectively.
6. The method for authenticating use of a data storage device of claim 5, further comprising:
the mobile terminal receives data corresponding to the first user ID stored in the data storage device from the data storage device;
the server sends authorization information successfully matched with the server to the data storage device after successfully matching the second device ID, the second terminal ID and the second user ID with the first device ID, the first terminal ID and the first user ID respectively, and the data storage device sends the data to the mobile terminal after receiving the authorization information.
7. The method of claim 6, wherein the data received by the mobile terminal from the data storage device is encrypted data, and further comprising:
the mobile terminal receives a key corresponding to the first user ID or the second user ID from the server, and decrypts the encrypted data based on the key.
8. The method for authenticating use of a data storage device of claim 7, further comprising:
displaying the decrypted data on a screen of the mobile terminal.
9. A method for authenticating use of a data storage device, comprising:
the server receives a second device ID, a second terminal ID and a second user ID from the mobile terminal, and receives a first device ID, a first terminal ID and a first user ID from the detection device;
the server respectively matches the received first equipment ID, first terminal ID and first user ID with the second equipment ID, second terminal ID and second user ID;
after the matching is successful, the server sends authorization information to the data storage device, so that the data storage device sends data corresponding to the first user ID to the mobile terminal according to the received authorization information;
wherein the mobile terminal transmits the second device ID, the second terminal ID, and the second user ID to the server and transmits the first terminal ID and the first user ID to the detection device when the first biometric characteristic matches a second biometric characteristic of the user stored in the mobile terminal, and
the first biometric characteristic is collected at the data storage device and sent to the mobile terminal by the detection device, and the second device ID is sent to the mobile terminal by the detection device.
10. The method of claim 9, wherein the data sent by the data storage device to the mobile terminal is encrypted data, and further comprising:
and after the matching is successful, the server sends a key corresponding to the first user ID or the second user ID to the mobile terminal, so that the mobile terminal can decrypt the encrypted data based on the received key.
11. An apparatus for authenticating use of a data storage device, comprising:
an acquisition unit for acquiring a first biometric characteristic of a user acquired at the data storage device;
the first sending unit is used for sending the first biological identification feature to a mobile terminal so that the mobile terminal can match the received first biological identification feature with a second biological identification feature of the user stored in the mobile terminal;
a second sending unit, configured to send, to a server, a first device ID, a first terminal ID, and a first user ID that identify the data storage device when receiving the first terminal ID of the mobile terminal and the first user ID of the user of the mobile terminal sent by the mobile terminal, so that the server matches the received first device ID, first terminal ID, and first user ID with a second device ID, a second terminal ID, and a second user ID received by the server from the mobile terminal, respectively, where the second device ID is sent to the mobile terminal by the data storage device;
a third sending unit, configured to send, to the mobile terminal, data corresponding to the first user ID stored in the data storage device after receiving, from the server, the authorization information that the server matching is successful;
and the deleting unit is used for deleting the acquired first biological identification characteristic.
12. A mobile terminal, comprising:
a first receiving unit for receiving a first biometric characteristic of a user collected at the data storage device;
a first matching unit, configured to match the received first biometric characteristic with a second biometric characteristic of the user stored in the mobile terminal;
a fourth transmitting unit, configured to transmit the first terminal ID of the mobile terminal and the first user ID of the user of the mobile terminal to the detecting device that transmits the first biometric feature after the first matching unit succeeds in matching, and
sending a second device ID, a second terminal ID, and a second user ID identifying the data storage device received from the detection device to a server for the server to: matching the received second equipment ID, the second terminal ID and the second user ID with the first equipment ID, the first terminal ID and the first user ID received by the server from the detection equipment respectively, and sending authorization information matched successfully to the data storage equipment after matching is successful;
a second receiving unit configured to receive data corresponding to the first user ID stored in the data storage device from the data storage device.
13. A server, comprising:
a third receiving unit configured to receive the second device ID, the second terminal ID, and the second user ID from the mobile terminal, and receive the first device ID, the first terminal ID, and the first user ID from the detection device;
a second matching unit, configured to match the received first device ID, first terminal ID, and first user ID with the second device ID, second terminal ID, and second user ID, respectively;
a fifth sending unit, configured to send authorization information to the data storage device, so that the data storage device sends, according to the received authorization information, data corresponding to the first user ID to the mobile terminal;
wherein the mobile terminal transmits the second device ID, the second terminal ID, and the second user ID to the server and transmits the first terminal ID and the first user ID to the detection device when the first biometric characteristic matches a second biometric characteristic of the user stored in the mobile terminal, and
the first biometric characteristic is collected at the data storage device and sent to the mobile terminal by the detection device, and the second device ID is sent to the mobile terminal by the detection device.
14. A data storage device usage authentication device comprising a memory storing computer executable instructions and a processor configured to execute the instructions to implement a data storage device usage authentication method as claimed in any one of claims 1 to 10.
15. A non-transitory computer storage medium encoded with a computer program, the computer program comprising instructions that, when executed by one or more computers, cause the one or more computers to perform the method of authenticating use of a data storage device as recited in any one of claims 1 to 10.
CN201810901051.XA 2018-08-09 2018-08-09 Use authentication method of data storage device, device and storage medium thereof Active CN108989331B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201810901051.XA CN108989331B (en) 2018-08-09 2018-08-09 Use authentication method of data storage device, device and storage medium thereof

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201810901051.XA CN108989331B (en) 2018-08-09 2018-08-09 Use authentication method of data storage device, device and storage medium thereof

Publications (2)

Publication Number Publication Date
CN108989331A CN108989331A (en) 2018-12-11
CN108989331B true CN108989331B (en) 2021-03-09

Family

ID=64556344

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201810901051.XA Active CN108989331B (en) 2018-08-09 2018-08-09 Use authentication method of data storage device, device and storage medium thereof

Country Status (1)

Country Link
CN (1) CN108989331B (en)

Families Citing this family (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN113556740B (en) * 2020-04-07 2024-03-19 中移(成都)信息通信科技有限公司 Identity authentication system and method
CN113836082A (en) * 2020-06-23 2021-12-24 南京酷派软件技术有限公司 Data migration method and device, storage medium and server
CN111783065A (en) * 2020-06-30 2020-10-16 上海闻泰电子科技有限公司 Authorization method and device based on two-dimension code, electronic equipment and storage medium

Family Cites Families (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101330386A (en) * 2008-05-19 2008-12-24 刘洪利 Authentication system based on biological characteristics and identification authentication method thereof
CN101345761A (en) * 2008-08-20 2009-01-14 深圳市同洲电子股份有限公司 Private data transmission method and system
US9165124B1 (en) * 2012-02-01 2015-10-20 Convertro, Inc. Systems and methods for identifying a returning web client
CN105812140B (en) * 2014-12-31 2019-11-15 上海庆科信息技术有限公司 A kind of authorization access method
CN104753953A (en) * 2015-04-13 2015-07-01 成都双奥阳科技有限公司 Access control system

Non-Patent Citations (2)

* Cited by examiner, † Cited by third party
Title
Efficient fingerprint-based user authentication for embedded systems;P. Gupta;《Proceedings. 42nd Design Automation Conference, 2005》;20050926;244-247 *
网络空间安全体系与关键技术;罗军舟等;《中国科学:信息科学》;20160831(第8期);939-968 *

Also Published As

Publication number Publication date
CN108989331A (en) 2018-12-11

Similar Documents

Publication Publication Date Title
US10666642B2 (en) System and method for service assisted mobile pairing of password-less computer login
US10740481B2 (en) Security systems and methods with identity management for access to restricted access locations
WO2017197974A1 (en) Biometric characteristic-based security authentication method, device and electronic equipment
CN106330442B (en) Identity authentication method, device and system
AU2014262138B2 (en) User authentication
US20090158033A1 (en) Method and apparatus for performing secure communication using one time password
US20140093144A1 (en) More-Secure Hardware Token
US20140181520A1 (en) Method using a single authentication device to authenticate a user to a service provider among a plurality of service providers and device for performing such a method
KR102514429B1 (en) Update of biometric data template
CN109067881B (en) Remote authorization method, device, equipment and storage medium thereof
CN109145628B (en) Data acquisition method and system based on trusted execution environment
EP2879421A1 (en) Terminal identity verification and service authentication method, system, and terminal
CN103761647A (en) Electronic payment system and electronic payment method
CN108989331B (en) Use authentication method of data storage device, device and storage medium thereof
CN111989672A (en) Password reset for multi-domain environment
CN106656955A (en) Communication method and system and user terminal
KR102131976B1 (en) User terminal apparatus and method for providing personal information thereby
KR101799517B1 (en) A authentication server and method thereof
US20140250499A1 (en) Password based security method, systems and devices
CN109561428B (en) Remote authentication method, device, equipment and storage medium thereof
CN110619228B (en) File decryption method, file encryption method, file management system and storage medium
CN109067880B (en) Remote unlocking method of shared equipment, device, equipment and storage medium thereof
CN112446982A (en) Method, device, computer readable medium and equipment for controlling intelligent lock
CN109617898B (en) Remote authentication method, device, equipment and storage medium thereof
CN115103356A (en) Computer security verification system, method, mobile terminal and readable storage medium

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
TA01 Transfer of patent application right
TA01 Transfer of patent application right

Effective date of registration: 20200519

Address after: 201101 401, 39 Lane 3333, Hongxin Road, Minhang District, Shanghai

Applicant after: Gu Hongchao

Address before: 241000 A609, No. 35 Hengshan Road, Wuhu Economic and Technological Development Zone, Wuhu City, Anhui Province

Applicant before: WUHU JIZHI INTELLIGENT TECHNOLOGY Co.,Ltd.

GR01 Patent grant
GR01 Patent grant